Sigma rule processing and conversion tools

These details have not been verified by PyPI

Project links

Project description

pySigma

Tests Coverage Badge Status

pySigma is a python library that parses and converts Sigma rules into queries.

It replaces a lot of the logic found in the sigmac tool, and brings it into a modern Python library. For a CLI version of the new Sigma tool, see (TBA).

Getting Started

To start using pySigma, install it using your python package manager of choice. Documentation with some usage examples can be found here.

Poetry:

poetry add git+https://github.com/SigmaHQ/pySigma.git#main

Pipenv:

pipenv install git+https://github.com/SigmaHQ/pySigma.git#egg=pysigma

Features

pySigma brings a number of additional features over sigmac, as well as some changes.

Modifier compare from sigmac

Modifier	Use	sigmac legacy
contains	the value is matched anywhere in the field (strings and regular expressions)	X
startswith	The value is expected at the beginning of the field's content (strings and regular expressions)	X
endswith	The value is expected at the end of the field's content (strings and regular expressions)	X
base64	The value is encoded with Base64	X
base64offset	If a value might appear somewhere in a base64-encoded value the representation might change depending on the position in the overall value	X
wide	transforms value to UTF16-LE encoding	X
re	value is handled as regular expression by backends	X
cidr	value is handled as a IP CIDR by backends
all	This modifier changes OR logic to AND	X
lt	Field is less than the value
lte	Field is less or egal than the value
gt	Field is Greater than the value
gte	Field is Greater or egal than the value
expand	Modifier for expansion of placeholders in values. It replaces placeholder strings (%something%)

Overview

Conversion Overview

Conversion Graph

Pipelines

Conversion Graph

More details are described in the documentation.

Testing

To run the pytest suite for pySigma, run the following command:

make test

Contributing

Pull requests are welcome. Please feel free to lodge any issues/PRs as discussion points.

Authors

Thomas Patzke thomas@patzke.org

Licence

GNU Lesser General Public License v2.1. For details, please see the full license file located here.

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

0.11.18

Oct 25, 2024

0.11.17

Oct 14, 2024

0.11.16

Oct 13, 2024

0.11.15

Oct 13, 2024

0.11.14

Sep 13, 2024

0.11.13

Sep 8, 2024

0.11.12

Sep 2, 2024

0.11.11

Aug 31, 2024

0.11.10

Aug 10, 2024

0.11.9

Jul 14, 2024

0.11.8

Jun 27, 2024

0.11.7

Jun 16, 2024

0.11.6

May 23, 2024

0.11.5

Apr 25, 2024

0.11.4

Mar 26, 2024

0.11.3

Jan 29, 2024

0.11.2

Jan 19, 2024

0.11.1

Jan 17, 2024

0.11.0

Dec 31, 2023

0.10.10

Dec 16, 2023

0.10.9

Nov 24, 2023

0.10.8

Nov 14, 2023

0.10.7

Nov 14, 2023

0.10.6

Oct 27, 2023

0.10.5

Sep 1, 2023

0.10.4

Aug 30, 2023

0.10.3

Aug 30, 2023

0.10.2

Aug 18, 2023

0.10.1

Aug 5, 2023

0.10.0

Jul 30, 2023

0.9.11

May 17, 2023

0.9.10

May 16, 2023

0.9.9

May 11, 2023

0.9.8

Apr 30, 2023

0.9.7

Apr 29, 2023

0.9.6

Apr 5, 2023

0.9.5

Mar 3, 2023

0.9.4

Feb 20, 2023

0.9.3

Feb 18, 2023

0.9.2

Feb 13, 2023

0.9.1

Feb 7, 2023

0.9.0

Feb 5, 2023

0.8.12

Jan 6, 2023

0.8.11

Jan 5, 2023

0.8.10

Dec 14, 2022

0.8.9

Oct 6, 2022

0.8.8

Oct 5, 2022

0.8.7

Oct 5, 2022

0.8.6

Oct 5, 2022

0.8.5

Oct 5, 2022

0.8.4

Oct 4, 2022

0.8.3

Oct 4, 2022

0.8.2

Sep 29, 2022

0.8.1

Aug 16, 2022

0.8.0

Aug 10, 2022

0.7.3

Aug 4, 2022

0.7.2

Jul 27, 2022

0.7.1

Jul 25, 2022

0.7.0

Jul 23, 2022

0.6.8

Jul 21, 2022

0.6.7

Jul 21, 2022

0.6.6

Jul 20, 2022

0.6.5

Jul 8, 2022

0.6.4

Jun 27, 2022

0.6.3

Jun 21, 2022

0.6.2

May 28, 2022

0.6.1

May 26, 2022

0.6.0

May 3, 2022

0.5.2

Apr 28, 2022

0.5.1

Apr 16, 2022

0.5.0

Apr 7, 2022

0.4.5

Apr 3, 2022

0.4.4

Mar 30, 2022

0.4.3

Mar 23, 2022

0.4.2

Mar 21, 2022

0.4.1

Mar 15, 2022

0.4.0

Mar 14, 2022

0.3.2

Mar 11, 2022

0.3.1

Mar 10, 2022

0.3.0

Mar 9, 2022

0.2.0

Feb 15, 2022

This version

0.1.7

Feb 15, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pySigma-0.1.7.tar.gz (49.0 kB view hashes)

Uploaded Feb 15, 2022 Source

Built Distribution

pySigma-0.1.7-py3-none-any.whl (55.6 kB view hashes)

Uploaded Feb 15, 2022 Python 3

Hashes for pySigma-0.1.7.tar.gz

Hashes for pySigma-0.1.7.tar.gz
Algorithm	Hash digest
SHA256	`4c6f6419e9c357f209c2c77e4e0638a047ea3faad6a361a81bf645abe52c13bd`
MD5	`e293d2407f409b52e5f050c6a52f6bb3`
BLAKE2b-256	`ca212f0c88203eb250b88e4dbf15eb9a4b0b3a7261ea7d2551860619ccc5c0fd`

Hashes for pySigma-0.1.7-py3-none-any.whl

Hashes for pySigma-0.1.7-py3-none-any.whl
Algorithm	Hash digest
SHA256	`3401b58bd1152f3997890f63ceb0b4e296667078454368ad14107c53c23dbffd`
MD5	`5def6138be8e4e2279edd50538987986`
BLAKE2b-256	`7d444ccad95741c28b52c203fbbbcab5ab02c63da6492726589b8ced07e40632`